Tag Archive | "password-security"

We’ve discussed password storage/generation solutions quite often, especially in the news stories about hacks and plain text password leaks, here’s a tool for the more paranoid who don’t want to store their passwords locally or in the cloud. Passera is a simple tool written in Go that allows users to generate a unique strong password […]

Ok so we constantly tell people not to reuse passwords across sites, because if they are stored in plain text (and leaked) those naughty hackers now have your e-mail address AND your password and can wreak havoc on your life. Which is pretty much true, but Microsoft disagrees and there is some validity to what […]

Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes […]

A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to […]

The worst passwords of 2013 – really, more like the most common. The majority come from the massive Adobe leak, which contributed over 40 million passwords and skewed the data a fair bit pushing “photoshop” and “adobe123″ into the list. Most of them are no surprise though, we published the top 10 most common passwords […]

TwitterPasswordDecryptor is the FREE tool to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login credentials for visited websites so that user don’t have to remember and enter the password every time. Each of these web browsers use their own proprietary encryption mechanism to store the login passwords […]

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Some other options are: The Associative Word List Generator (AWLG) – Wordlists for Password Cracking CeWL – Custom Word List Generator Tool for Password Cracking RSMangler – Keyword […]

A while back we had Wyd – Automated Password Profiling Tool but the guys at remote-exploit seem to have superseded this with CUPP. There are other similar options too – The Associative Word List Generator (AWLG) and also RSMangler – Keyword Based Wordlist Generator For Bruteforcing. People spend a lot of time preparing for effective […]

Now this is interesting a proper mathematical calculation for using cloud computing to crack passwords, now Amazon has opened up their EC2 (Elastic Compute Cloud) the cost of massive parallel processing power has come right down. And guess what, someone thought of using it to crack passwords. It seems the cut-off would be a 12 […]

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition […]